iSCSI Security (Insecure SCSI) presented at Blackhat USA 2005

by Himanshu Dwivedi

Tags: Security

Summary: Himanshu Dwivedi's presentation will
discuss the severe security issues that exist in the default
implementations of iSCSI storage networks/products. The presentation
will cover iSCSI storage as it pertains to the basic principles of
security, including enumeration, authentication, authorization, and
availability. The presentation will contain a short overview of
iSCSI for security architects and basic security principles for storage
administrators. The presentation will continue into a deep discussion of
iSCSI attacks that are capable of compromising large volumes of data
from iSCSI storage products/networks. The iSCSI attacks section
will also show how simple attacks can make the storage network
unavailable, creating a devastating problem for networks, servers, and
applications. The presenter will also follow up each discussion of
iSCSI attacks with a demonstration of large data compromise. iSCSI
attacks will show how a large volume of data can be compromised or
simply made unavailable for long periods of time without a single root
or administrator password. The presentation will conclude with existing
solutions from responsible vendors that can protect iSCSI storage
networks/products. Each iSCSI attack/defense described by the presenter
will contain deep discussions and visual demonstrations, which will
allow the audience to fully understand the security issues with iSCSI as
well as the standard defenses.